RootRoot

RootRoot is an open-source Android security detection toolkit built for security researchers, penetration testers, and Android enthusiasts. It demonstrates how mobile applications detect rooted devices, Magisk installations, and Frida instrumentation frameworks in real time.
The app performs 13 security checks across 4 distinct detection strategies, giving you a comprehensive view of your device's security posture.
▌ DETECTION METHODS
◆ Java Layer Detection
• Root Package Scan — Checks PackageManager against 48 known root app signatures including Magisk, SuperSU, KingRoot, and Xposed
• SU Binary Search — Scans 14 directories for su, busybox, and magisk binaries
◆ Native Static Registration
Uses exported JNI symbols visible in the .so symbol table:
• Su Binary Check via native file access
• Magisk Mount detection through /proc/mounts
• Frida Process scanning via /proc/cmdline
• Frida Library detection through /proc/self/maps
◆ Native Dynamic Registration
Functions registered at runtime via RegisterNatives() in JNI_OnLoad — no exported symbols visible in the symbol table. Same checks, harder to reverse engineer.
◆ Native Dlsym (Hidden Registration)
Functions loaded via dlsym() from a separate shared library — the most obfuscated detection strategy, simulating real-world security SDK behavior.
▌ KEY FEATURES
✦ 13 detection checks across 4 JNI registration strategies
✦ Terminal-style dark UI with expandable result cards
✦ Real-time scan results with execution timing
✦ Detailed descriptions of each detection technique
✦ Pure C native code — zero C++ STL dependency
✦ Educational tool for understanding mobile security
✦ Supports armeabi-v7a, arm64-v8a, x86, and x86_64
▌ WHO IS THIS FOR?
• Security researchers studying Android root detection techniques
• Penetration testers evaluating device security posture
• Android developers implementing or auditing anti-tampering measures
• Students learning about JNI, native code, and mobile security
• ROM/Magisk enthusiasts testing detection bypass methods
▌ EDUCATIONAL PURPOSE
RootRoot is designed as a security research and educational tool. It demonstrates both offensive and defensive mobile security techniques. All detection methods are fully documented and open source on GitHub.
Understanding how root detection works helps both defenders build stronger protections and researchers identify weaknesses in existing implementations.
source code: https://github.com/John-Jung/RootRoot